THE EFFECTIVENESS OF APPLYING DIFFERENT STRATEGIES ON RECOGNITION AND RECALL TEXTUAL PASSWORD

International Journal of Network Security & Its Applications (IJNSA) Vol.14, No.2, March 2022
DOI: 10.5121/ijnsa.2022.14202 15
THE EFFECTIVENESS OF APPLYING
DIFFERENT STRATEGIES ON RECOGNITION
AND RECALL TEXTUAL PASSWORD
Hassan Wasfi1
and Richard Stone 2, 1
1
Iowa State University HCI Department, USA
2
Iowa State University Industrial and Manufacturing Systems Engineering Department,
USA
ABSTRACT
Using English words as passwords have been a popular topic in the last few years. The following article
discusses a study to compare self-selection of the system-generated words for recognition and self-
generated words for recall for nouns and mixture words. The results revealed no significant difference
between recognition and recall of password nouns. The average memorability rate of noun recognition was
75.72%, slightly higher than noun recall 74.23% in long-term memory. Also, there was no significant
difference between recognition and recall mixture word passwords. The average memorability rate of
mixture word recognition was 95.23%, and recall was 84.14% in long-term memory. The authors
concluded that the recognition and recall of mixed word passwords had a higher memorability rate than
nouns.
KEYWORDS
Password, User behavior, Recognition, Recall, Nouns, Mixture Words, Passphrase.
1. INTRODUCTION
Passwords provide a security mechanism to verify a users' identity before accessing private
resources. A text-based password is one of the most popular methods to protect users' information
[1, 2]. It is enduring ubiquitous because of the ease of password creation [3]. Humans tend to
create an easy password containing their personal information, which is easy to be cracked [4, 5].
The users' behaviors of password creation enforce companies to establish password policies to
increase security [6, 7, 8]. However, creating different passwords with different policies would be
difficult to memorize [9, 10]. Several studies argued that utilizing passphrases instead of normal
text passwords enhances security [11, 12, 13, 14]. Most studies are proposed as system-generated
passphrases to produce long and unpredictable passwords [15, 16, 17]. The randomly generated
words are difficult to remember because human memory is stimulated with the association
between words. Also, the word types can play a role in storing a collection of words for long-
term memory [18]. The passphrase structure significantly influences memorability, especially
when built with no sequential or meaningful pattern. [19, 20, 21]. Therefore, auto-selection
words negatively impact memorability, particularly when the words' types and structures are not
equally distributed between each user [22]. Our study aimed to investigate the users' behaviors of
choosing nouns or mixture words from a randomly generated set of words as a recognition
password and compare it to a self-generated recall password.

16
2. RELATED WORK
The forgettability issue of text-based passwords led researchers to discover an alternative aspect
that enhances users’ memorability. Engaging English words in the authentication field helps
investigate its efficiency on human memory. The users’ behaviors of creating a password from
English words would differ from the normal text password. The majority of published papers are
based on the passphrases approach to increase security [11, 15, 23]. Different techniques are
occupied to randomly generated passphrases to enhance memorability, such as word associations
and categorizations [24]. Also, occupying chunking theory decreases the load on user memory
[25, 26]. However, passphrase has an issue with spelling mistakes because it includes more
characters than traditional text passwords. Long passphrases raise the level of spelling mistakes
[27, 28]. Several studies applied a typo-tolerant password protocol to avoid a small number of
typographical errors of text-based passwords or phrases [29, 30, 31]. The system-generated
passphrases have a problem related to word types distribution and structure [32, 33]. For instance,
some participants commented that their passwords did not include a verb or nouns with a
semantic meaning which influenced retrieving the correct password [19]. Moreover, the difficulty
level of English words may influence memorizing a set of words, especially for non-native
speakers [28]. Our study is proposed to analyze users’ behaviors of password creation for
recognition and recall textual password (RRTP):
 Recognition: selecting words from a set of randomly generated words presented on a
grid.
 Recall: retrieving words created by users by typing in a textbox.
These concepts will be tested with two different types of English words (nouns and mixture
words (nouns, verbs, adjectives, and helping words “is, are, and, but, in, has”)). Our study will
apply self-selection of system-generated words as recognition passwords and self-generated
words as recall passwords. To reach to study goals, there are different hypotheses will be
answered to have a clear idea of how participants will behave while creating their passwords:
H1: There will be a significant difference in memorability rate between self-selection of system-
generated nouns as recognition passwords and self-generated nouns as a recall password.
H2: There will be a significant difference in login time between self-selection of system-
generated nouns as recognition passwords and self-generated nouns as a recall password.
H3: There will be a significant difference in memorability rate between self-selection of system-
generated mixture words as recognition password and self-generated mixture words as a
recall password.
H4: There will be a significant difference in login time between self-selection of system-
generated mixture words as recognition passwords and self-generated mixture words as a
recall password.
H5: There will be a huge difference in the memorability rate between mixture words and nouns
in long-term memory.
3. RESEARCH METHODOLOGY
This study will investigate the usability of RRTP for nouns and mixture words, as shown in
figure1.This study proposed to analyze the users’ behavior of self-selection of system-generated
words as recognition passwords and compare it to self-generated words as a recall password. The
majority of previous studies focused on a random selection method of recognition or recall
passwords which have a negative impact on the memorability rate, as shown in table 1study (1, 2,
3). However, study (4) in table 1 stated that self-generated passphrase has a greater memorability

17
rate than traditional passwords. Moreover, study (5) proved that self-generated passphrase has
fewer cognitive load stressors on working memory than system-imposed passphrases. Our study
is proposedto discover the structures of password creation for nouns and mixtures words and
assess their role in memorability rate.
Figure 1. The strategies of textual password
Table 1. System and self-generated passphrase or nouns for different studies
N
o
Study Methods Words Type Number of
Words(pas
swords)
Comments
1
1
Wright N,
Patrick AS,
Biddle R(2012)
Recognition
& Recall
System
generated
(nouns, verbs,
adjectives)
4 words -Some participants
commented that their
password was not
included a verb or
semantic meaning
“throat” and
“tongue” which
affected negatively
retrieving the correct
password.
2 Assal H, Imran
A, Chiasson
S(2018)
Recognition System
generated
(nouns, verbs,
adjectives)
5 words -No balance between
word types presented
to users in the
registration phase.
The words that
appeared in GUI
havefewer adjectives
than other types.
3 Shay R, Kelley
PG, Komanduri
S, Mazurek
ML, Ur B,
Vidas T, et
al(2012)
Recall System
generated
nouns and
passphrase
4 words -No analysis of how
different types of
nouns influence users’
memorability.
- The successful login
rate for system-
generated nouns is
The Strategies of Textual
Password
Nouns
Recognition Recall
Mixture
Recognition Recall

18
3.1. Participants
The total number of participants involved in this study was 74 (male = 41, female = 33). The
participant's average age is 26 years, as shown in table 2. The majority of participants were a
student at Iowa State University (93.24 %) and another part was from the public population (6.75
%).The education level of participants is undergraduate and higher. The participants were from
different nationalities with native and non-native speakers.
Table 2. The number of participants and their age average for each group of RRTP
Group Male Female Average Age
(Year)
Group A (Nouns) 21 17 26
Group B (Mixture) 20 16 26
3.2. The Material
A mobile application was built to assess the user’s memorability and log-in time for nouns and
mixture words. Participant of recognition passwords has 24 words, randomly generated from a
dictionary with 203 words. The nouns dictionary includes common nouns used in daily life. The
mixture dictionary includes the common nouns, verbs, adjectives, and helping words (“is, are,
but, and, in, has”). Each participant of the mixture recognition will have six nouns, six verbs, six
adjectives, and six helping words. The theoretical space of recognition password is 18.43 bits
which are less than required for security purposes, but this study will be focused on analyzing the
user’s behaviors. On the academic side, different studies were published on authentication
systems with password space less than required for the system’s usability purpose [34]. The
theoretical space of the recall password is based on the number of words entered. The words set
was taken from the Macmillan dictionary, and they were selected regarding the English level
differences between participants because the study includes native and non-native speakers. The
words were chosen based on our daily life use. Participants should select four words or more as
recognition passwords by touching the computer screen. Users have to enter another four words
or more from their mind as recall passwords by using a physical keyboard. A Dictionary checker
was conducted to mitigate spelling mistakes.
slightly higher than
different types of
phrases.
4
4
B. Bhana and S.
V.
Flowerday(2021
)
Recall User-
generated
passphrase/pas
sword
Not stated
- passphrases users
have a greater
memorability rate
than passwords which
support the idea of
long password lead to
greater login failure.
4
5
L. A. Loos, R.
K. Minas, M.-B.
C. Ogawa, and
M. E.
Crosby(2021)
Recall System and
self-generated
passphrase
4 words -Self-generated
passphrases result in
less cognitive load
stressors on working
memory than system-
generated passphrases

19
3.3. Procedure
Before starting the study procedures, the participants were notified that the IRB of Iowa State
University had approved our study. The users have to read through the consent form details and
agree with the study procedures. The participants were informed that the password creation
procedures would not include their private information or passwords. Each participant will make
the experiment individually in a private lab. The participants were informed that the study would
be three weeks long from the registration time as follow:
 Short-Term Memory (STM): After the registration time.
 Long-Term Memory1(LTM1): After one week of STM login.
 Long-Term-Memory2(LTM2): After two weeks of LTM1 login.
3.4. Pre-Survey
A pre-survey is required to specify the participants’ age eligibility (over 18 years). Other
information has been taken, such as gender, age, nationality, and education level, which would be
helpful to analyze the relationship between these factors on the memorability rate.
3.5. Registration Phase
To investigate the memorability rate and users’ habits of using English words as recognition and
recall passwords, A user study was conducted. The user study was divided into two groups of
English words:
 Group A (within-subjects) with two conditions recognition (DV) and recall (DV) of
nouns, as shown in figure 2.
Figure 2. The recognition and recall passwords for nouns
 Group B (within-subjects) with two conditions recognition (DV) and recall (DV) of
mixtures words (nouns, verbs, adjectives, and helping words (“is, are, but, and, in, has”)), as
shown in figure 3.

20
Figure 3. The recognition and recall passwords for mixture words
Each participant for both groups must follow the instructions below before creating the
passwords:
 Not allowed to repeat any words of recognition password in the recall password.
 Not storing the words of password on paper or electronically.
 The typing words should be in a small letter.
 There will be a reminder for participants who failed to log in (in the lab).
 The mixture words participants should not use all words of their recognition or recall
password from same words type. At least one or two words from different types.
3.6. Post-Survey
After the registration phase, the participants were asked to answer a post-survey to analyze the
methods were used to build their recognition and recall passwords. Moreover, investigating the
efficiency of those methods on their memory retrieval performance.
4. RESULT
4.1. Overview
The experiments are divided into two groups, as shown in table 3. The experiments are based on
two different periods short-term and long-term memory. The memorability result of recognizing
nouns is slightly higher than recall in LTM. The most factor that influenced users of nouns is the
random selection such as "story weather name Snapchat". The memorability result of mixture
recognition is slightly higher than recall in LTM caused by users who did not grammatically
structure their passwords, such as "google become but dangerous". The experiments were in a
private lab that helped control writing down or storing passwords electronically. The users who
failed to log in have a reminder for their password in the lab.

21
Table 3. The study experiments of recognition and recall password
Study Experiments
Memorability
(STM)
Memorability
(LTM 1 and 2)
User Behavior
Experiment 1 recall nouns>
recognition nouns
recognition nouns
> recall nouns
-one chunk
-two chunks
-scenario
-random
Experiment2 recognition mixture
> recall mixture
recognition
mixture > recall
mixture
-grammar flow
-no grammar flow
Result of Experiment 1
& 2
The mixture password has a higher memorability rate compared to
nouns for both conditions
To assess the data normality, SPSS software applied skewness and kurtosis measurements across
the noun’s recognition and recall (STM, LTM1, and LTM2). Due to the confirmed non-normality
of the data. The non-parametric Mann-Whitney test was applied. Also, to assess the data
normality, SPSS software applied skewness and kurtosis measurements across the mixture
recognition and recall (STM, LTM1, and LTM2). Due to the confirmed non-normality of the
data. The non-parametric Mann-Whitney test was applied. The password entropy for each group
is shown in table 4.
Table 4. The password entropy for recognition and recall of nouns and mixture words
Password Entropy
Recognition Recall
Group A 18.34 bits 61.11< bits <178.62
Group B 18.34 bits 61.11< bits < 136.31
4.2. The Memorability Rate of RRTP for Group A (Nouns)
H1: There will be a significant difference in memorability rate between user selection of system-
generated nouns as recognition passwords and self-generated nouns as a recall password?
H2: There will be a significant difference in login time between user selection of system-
generated nouns as recognition passwords and self-generated nouns as a recall password?
A Mann-Whitney test was conducted to test the significant difference in memorability rate
between user selection of system-generated nouns (recognition) and self-generated nouns (recall).
There was no significant difference in the memorability rate and login time between recognition
and recall passwords, as shown in table 5. In STM, the memorability rate for recall password
(mean= 41.63) was higher than recognition password (mean= 35.37), (p= .082).

22
Table 5. The memorability rate and login time of RRTP for nouns
In contrast, the recognition password has a slightly higher memorability rate than the recall
password in LTM1 caused by a sharp reduction in recall memorability rate to 61.76 % compared
to STM, as shown in figure 4. In LTM 2, the memorability rate increases compared to LTM 1,
which belongs to 73.68 % of participants who used a reminder retrieved their password correctly,
as shown in table 6. The recall password has less login time compared to recognition password in
STM and LTM, as shown in figure 5.
Figure 4. The successful login rate of RRTP for nouns
Table 6. The enhancement on memorability rate after a reminder nouns password
Reminder (Nouns)
Recognition Recall
No. Participants Correctness No. Participants Correctness
First Reminder (9) 7 First Reminder (2) 0
Second Reminder (9) 7 Second Reminder (10) 7
Memorability Rate and Login Time for Nouns Password
STM
N Memorability
P-value
Login Time
P-value
Recognition
&& Recall
38 .082 .010
LTM 1
Recognition
&& Recall
34 .807 .087
LTM 2
Recognition
&& Recall
33 .806 .521
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Try 1 Try2 Try3 Try 1 Try2 Try3
Recognition Recall
The Successful Login Rate for RRTP for Nouns
(STM and LTM)
Nouns STM Nouns LTM1 Nouns LTM2

23
Figure 5. Login time for RRTP of nouns
The users have created their passwords based on four different structures: one chunk, two chunks,
scenario, and random as shown in figure 6 and example for their structures, as shown in table 7.
Figure 6. The methods applied for RRTP for nouns
Table 7. Examples of the methods used by participants for password creation for nouns
Password Creation Methods Examples
One Chuck Two Chunks Scenario Random
-Same first letter
(weather water world
work)
-Family members
(father mother brother
sister)
-Information technology
(computer google
facebook iPod)
-gender+ life
experience
(mother woman
life education)
-body parts+ sides
(head eye back
end)
-the relationship
between education
and work
(education reason
work life)
-no relationship
(work party name
business)
(story weather name
snapchat)
00:00
00:07
00:14
00:21
00:28
00:36
STM LTM1 LTM2
Login Time of Nouns(Seconds)
Recognition Recall
0
10
20
30
One Chunk Two Chunks Senario Random
Nouns
The Number of Methods Applied in The Password
Creation for RRTP for Nouns
Recognition Recall

24
The random method of recognition and recall password had a 57.5 % successful login average
rate but one chunk (100 %), two chunks (86.27 %), scenario (86.05 %), as shown in figure 7.The
reduction in the memorability rate was caused by either missing order or substituting with other
words of their password. Therefore, one chunk, two chunks, and scenario methods proved a
higher memorability rate than random selection for both conditions.
Figure 7. The successful login rate for each method of RRTP for nouns
4.3. The Memorability Rate of RRTP for Group B (Mixture)
H3: There will be a significant difference in memorability rate between user selection of system-
generated mixture words as recognition passwords and self-generated mixture words as a recall
password?
H4: There will be a significant difference in login time between user selection of system-
generated mixture words as recognition passwords and self-generated mixture words as a recall
password?
A Mann-Whitney test was conducted to test the significant difference in memorability rate
between user selection of system-generated mixture words (recognition) and self-generated
mixture words (recall). There was no significant difference in the memorability rate and login
time between recognition and recall passwords in STM and LTM, as shown in table 8.
Table 8. The memorability rate and login time of RRTP for mixture word
Memorability Rate and Login Time for Mixture Password
STM
N Memorability P-
value
Login Time
P-value
Recognition
&& Recall 35 .626 .147
LTM 1 Recognition
&& Recall 32 .213 .060
LTM 2 Recognition
&& Recall 28 .079 .153
100%
85.71%
83.33%
50%
100% 100% 100%
75%
100%
76.19% 75%
50%
100%
80% 83%
30%
100%
85.71%
75%
80%
100%
90%
100%
60%
0%
20%
40%
60%
80%
100%
One Chunk Two Chunk Senario Random One Chunk Two Chunk Senario Random
Recognition Recall
The Successful login Rate for Each Method of RRTP for Nouns (STM and LTM)
STM LTM1 LTM2

25
The memorability rate for recognition passwords was higher than recall in STM and LTM, as
shown in figure 8. The login time for both recognition and recall passwords are almost equal to
each other, as shown in figure 9. The users of mixture words built more than 25 structures as a
phrase for both conditions. Some of these structures had a negative impact in retrieving the
correct password because they are not structured the words of their password in a meaningful
format or grammatically correct, as shown in table 9. There are 8.57 % of participants had missed
orders or substituted with other words of their password as well as, 5.71 % had a spelling mistake
such as using plural instead of singular or name mistake using “columbus” instead of
“colombus” although using spelling checker. For these mistakes, a reminder was used twice for
recognition password and five times for recall password with 75 % enhancement in retrieving the
correct password, as shown in table 10. Therefore, the mixture words password for both
conditions have a stable memorability rate in LTM.
Figure 8. The successful login rate for RRTP for mixture words
Figure 9. Login time for RRTP of mixture password
0%
20%
40%
60%
80%
100%
Try 1 Try2 Try3 Try 1 Try2 Try3
Recognition Recall
The Memorability Rate for RRTP for Mixture
for STM and LTM
Mixture STM Mixture LTM1 Mixture LTM2
00:00
00:02
00:05
00:08
00:11
00:14
00:17
STM LTM1 LTM2
Login Time of Mixture (Seconds)
Recognition Recall

26
Table 9. Examples of some methods of RRTP for mixture password
Table 10. The enhancement on memorability rate after a reminder mixture password
Reminder (Mixture)
Recognition Recall
No. Participants Correctness No. Participants Correctness
First Reminder (0) 0 First Reminder (1) 0
Second Reminder (2) 2 Second Reminder (5) 4
5. DISCUSSION
The memorability rate average for recognition and recall nouns is 74.97 % in LTM. The main
reasons for the memorability shortage of nouns passwords belong to random selection or
password creation structures. The memorability of nouns recognition is influenced by another
factor which is 37.5 % of two chunks users have same words category of their password in
displayed words set which confused them to retrieve the correct passwords such as (“morning”
and “night”) or (“YouTube” and “Snapchat”). Additionally, the words with the same first letter
and close pronunciation, such as “story” and “store,” made a difference in retrieving the correct
password. The structures of password creation for recognition and recall nouns play an important
role in retrieving the correct password. In contrast, the average memorability rate of recognition
and recall of mixture passwords is 89.68 % in LTM. The slight decrease in the memorability rate
for mixture recognition and recall passwords was caused by no grammar flow or spelling
mistakes. Organizing the word set of nouns recognition passwords is very important as well as,
the structure of password creation for both nouns and mixture words has a role in memorability.
Overall, the memorability average for mixture words is higher than nouns for both conditions
(H5 supported). Some participants of nouns built a relationship between recognition and recall
passwords that aided them to retrieve the correct passwords for both conditions in LTM, as
shown in table 11.
Examples of Password Creation Structures
Phrase
(Grammar flow)
Participants (91.42 %)
Phrase
(No grammar flow)
Participants (8.57 %)
Mixture -Internet and smartphone
are important
-Snapchat friend is unsafe
- president is powerful and
useful
-google become but
dangerous
-Instagram applicable easy
use
- computer learn is dislike

27
Table 11. The Relationships the participants applied between RRTP for nouns
6. LIMITATIONS AND FUTURE WORK
The limitation of this study is the long period which led to missing some participants. The words
of recognition password influenced the memorability rate because the users' had the same words
category in words set such as "Youtube" and "Facebook". The future work will be based on
analyzing the words' sets of recognition conditions to enhance memorability. Also, enhance the
security of the proposed system by applying some techniques that mitigate different attacks.
7. CONCLUSION
Using English nouns and mixture words as recognition and recall passwords have a role in
enhancing human memory to retrieve the password easily. There is a main factor that play a role
in the memorability rate for both nouns and mixture words which are the structures of password
creation. The result shows a gap in memorability rate between nouns and mixture words for both
conditions in LTM. The RRTP of nouns needs a psychological method that enhances its
memorability rate for LTM.
REFERENCES
[1] R. Alomari and J. Thorpe, “On password behaviours and attitudes in different populations,” J. Inf.
Secur. Appl., vol. 45, pp. 79–89, 2019.
[2] M. Sreelatha, M. Shashi, M. Anirudh, M. S. Ahamer, and V. Manoj Kumar, “Authentication schemes
for session passwords using color and images,” Int. j. netw. secur. appl., vol. 3, no. 3, pp. 111–119,
2011.
[3] M. A. Haque and B. Imam, “A new graphical password: combination of recall &recognition based
approach,” International Journal of Computer, Electrical, Automation, Control and Information
Engineering, vol. 8, no. 2, pp. 320- 324, 2014.
[4] C. Kuo, S. Romanosky, and L. F. Cranor, “Human selection of mnemonic phrase-based passwords,”
in Proceedings of the second symposium on Usable privacy and security - SOUPS ’06, 2006.
[5] S. Gupta, “Passblot: A highly scalable graphical one time password system,” Int. j. netw. secur. appl.,
vol. 4, no. 2, pp. 201–216, 2012
[6] R. Dillon, S. Chawla, D. Hristova, B. Gobl, and S. Jovicic, “Password policies vs. Usability: When do
users go ‘bananas’?,” in 2020 IEEE 19th International Conference on Trust, Security and Privacy in
Computing and Communications (TrustCom), 2020.
[7] E. Y. Güven, A. Boyaci, and M. A. Aydin, “A novel password policy focusing on altering user
password selection habits: A statistical analysis on breached data,” Comput. Secur., vol. 113, no.
102560, p. 102560, 2022.
[8] P. G. Inglesant and M. A. Sasse, “The true cost of unusable password policies: Password use in the
wild,” in Proceedings of the 28th international conference on Human factors in computing systems -
CHI ’10, 2010.
Relationship Between Recognition and Recall
Type of Relationship No.
Participant
Example
Nouns Synonyms/antonyms 1 Recognition (student home hour day)
Recall (teacher house minute night)
Body parts and sides 1 Recognition (head eye back end)
Recall (arm handfront side)
Antonyms 1 Recognition (government right city
WhatsApp)
Recall (president left state Twitter)

28
[9] S. Komanduri et al., “Of passwords and people: Measuring the effect of password-composition
policies,” in Proceedings of the 2011 annual conference on Human factors in computing systems -
CHI ’11, 2011.
[10] D. Kulkarni, “A novel web-based approach for balancing usability and security requirements of text
passwords,” Int. j. netw. secur. appl., vol. 2, no. 3, pp. 1–16, 2010.
[11] J. M. Simon S. Woo, “Memorablity and Security of Different Passphrase Generation Methods,”
정
보
보
호
학
회
지
제
28권
제
1호
, vol. 28, no. 1, pp. 29–35, 2018.
[12] R. Shay et al., “Can long passwords be secure and usable?,” in Proceedings of the 32nd annual ACM
conference on Human factors in computing systems - CHI ’14, 2014.
[13] U. Topkara, M. J. Atallah, and M. Topkara, “Passwords decay, words endure: Secure and re-usable
multiple password mnemonics,” in Proceedings of the 2007 ACM symposium on Applied computing
- SAC ’07, 2007.
[14] M. Keith, Arizona State University, B. Shao, P. Steinbart, Arizona State University, and Arizona
State University, “A behavioral analysis of passphrase design and effectiveness,” J. Assoc. Inf. Syst.,
vol. 10, no. 2, pp. 63–89, 2009.
[15] Z. Joudaki, J. Thorpe, and M. V. Martin, “Reinforcing system-assigned passphrases through implicit
learning,” in Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications
Security, 2018.
[16] K. Juang and J. Greenstein, “Integrating visual mnemonics and input feedback with passphrases to
improve the usability and security of digital authentication,” Hum. Factors, vol. 60, no. 5, pp. 658–
668, 2018.
[17] N. Jagadeesh, “Assessing the Memorability of Familiar Vocabulary for System Assigned
Passphrases,” University of Ontario Institute of Technology (Ontario Tech University), Ontario ,
2021.
[18] A. D. Yarmey, “Hypermnesia for pictures but not for concrete or abstract words,” Bull. Psychon.
Soc., vol. 8, no. 2, pp. 115–117, 1976.
[19] N. Wright, A. S. Patrick, and R. Biddle, “Do you see your password?: Applying recognition to textual
passwords,” in Proceedings of the Eighth Symposium on Usable Privacy and Security - SOUPS ’12,
2012.
[20] P. B. Maoneke, S. Flowerday, and N. Isabirye, “Evaluating the strength of a multilingual passphrase
policy,” Comput. Secur., vol. 92, no. 101746, p. 101746, 2020.
[21] L. A. Loos, M.-B. C. Ogawa, and M. E. Crosby, “Cognitive Variability Factors and Passphrase
Selection,” in Augmented Cognition. Human Cognition and Behavior, Cham: Springer International
Publishing, 2020, pp. 383–394.
[22] R. Shay et al., “Correct horse battery staple: Exploring the usability of system-assigned passphrases,”
in Proceedings of the Eighth Symposium on Usable Privacy and Security - SOUPS ’12, 2012.
[23] M. Keith, B. Shao, and P. J. Steinbart, “The usability of passphrases for authentication: An empirical
field study,” Int. J. Hum. Comput. Stud., vol. 65, no. 1, pp. 17–28, 2007.
[24] L. A. Loos, R. K. Minas, M.-B. C. Ogawa, and M. E. Crosby, “Passphrase authentication and
individual physiological differences,” in Augmented Cognition, Cham: Springer International
[25] B. Bhana and S. V. Flowerday, “Usability of the login authentication process: passphrases and
passwords,” Inf. Comput. Secur., vol. ahead-of-print, no. ahead-of-print, 2021.
[26] B. Bhana and S. Flowerday, “Passphrase and keystroke dynamics authentication: Usable security,”
Comput. Secur., vol. 96, no. 101925, p. 101925, 2020.
[27] H. Assal, A. Imran, and S. Chiasson, “An exploration of graphical password authentication for
children,” Int. J. Child Comput. Interact., vol. 18, pp. 37–46, 2018.
[28] N. K. Blanchard, C. Malaingre, and T. Selker, “Improving security and usability of passphrases with
guided word choice,” in Proceedings of the 34th Annual Computer Security Applications Conference,
2018.
[29] T. Pongmorrakot and R. Chatterjee, “TPAKE: Typo-tolerant password-authenticated key exchange,”
in Security, Privacy, and Applied Cryptography Engineering, Cham: Springer International
[30] S. Sahin and F. Li, “Don’t forget the stuffing! Revisiting the security impact of typo-tolerant
password authentication,” in Proceedings of the 2021 ACM SIGSAC Conference on Computer and
Communications Security, 2021.

29
[31] C. Bonk, Z. Parish, J. Thorpe, and A. Salehi-Abari, “Long Passphrases: Potentials and Limits,” in
2021 18th International Conference on Privacy, Security and Trust (PST), 2021.
[32] M. M. Adam Skillen, “Myphrase: Passwords from Your Own Words,” 2013.
[33] G. Nielsen, M. Vedel, and C. D. Jensen, “Improving usability of passphrase authentication,” in 2014
Twelfth Annual International Conference on Privacy, Security and Trust, 2014.
[34] K. Renaud, “Web Authentication Using Mikon Images,” in 2009 World Congress on Privacy,
Security, Trust and the Management of e-Business, 2009.
AUTHORS
Hassan M. Wasfi, Ph.D. student in the Department of HCI at Iowa State University. I
received my master’s degree in computer security from Newcastle university in the
United Kingdom in 2011. I received my bachelor’s degree in computer science from
King Abdul Aziz University in 2008. I worked at King Abdul Aziz university as a
lecturer from 2014 to 2020 in the information technology department. My current
research focuses primarily on the area of computer security, especially in the
authentication system and its relationship with behavioral aspects of password creation
for recognition and recalling textual passwords.
Richard T. Stone, Ph.D. is an Associate Professor in the Department of Industrial and
Manufacturing Systems Engineering at Iowa State University. He received his Ph.D. in
Industrial Engineering from the State University of New York at Buffalo in 2008. He
also has an MS in Information Technology, a BS in Management Information Systems
as well as university certificates in Robotics and Environmental Management Science.
His current research focuses primarily on the area of human performance engineering,
particularly applied biomedical, biomechanical, and cognitive engineering. Dr. Stone
focuses on the human aspect of work across a wide range of domains (from welding to
surgical operations and many things in between). Dr. Stone works extensively in tool, exoskeleton, and
telerobotics technologies, as well as classic ergonomic evaluation.

THE EFFECTIVENESS OF APPLYING DIFFERENT STRATEGIES ON RECOGNITION AND RECALL TEXTUAL PASSWORD

More Related Content

Similar to THE EFFECTIVENESS OF APPLYING DIFFERENT STRATEGIES ON RECOGNITION AND RECALL TEXTUAL PASSWORD (20)

Recently uploaded (20)

THE EFFECTIVENESS OF APPLYING DIFFERENT STRATEGIES ON RECOGNITION AND RECALL TEXTUAL PASSWORD